ELVIS RAINES
**** ******** ******* **********, ** 30005
770-***-**** *.******@****.***
INFORMATION SECURITY/COMPLIANCE ANALYST
Experienced consulting and support services in all aspect of Information Technology area including Network and System Designing, Security Architecture.
CORE COMPETENCIES
IT Security Quality Assurance Goal-Oriented System Upgrades/Improvement Team Development
Presentation/Report Development Employee Training Communication Problem Identification/Resolution
OPERATING SYSTEMS & APPLICATIONS
Windows Linux Mac OS X Microsoft SQL Server Adobe Connect Microsoft Office SharePoint Cisco VPN Client Application Patch Management Retina Network Security Scanner WAPT Acunetix Web Vulnerability Scanner WASSP 5.0 DISA SRR Syncsort Backup Express Symantec Mcafee Active Directory IIS TCP/IP Nessus Nmap AppScan Metasploit HTML XTML XML CSS JavaScript
EXPERIENCES AND ACHIEVEMENTS
SUNTRUST BANK, Atlanta, GA 10/2015 – Present
Information Technology Security Assessment Analyst
Assist fortune clients meeting many internal and external information security regulatory audit requirements and 3rd party security risk assessment audits to provide them an unbiased risk assessment and reporting that helps securing their information assets and data.
Focusing to help clients achieve meeting SOX, HIPAA, HITECH, PCI-DSS, GLBA and SAS70 Security Compliance Requirements.
Leading process improvement activities, participating in information security assessment special projects and other assessment related activities.
Perform third party vendor risk, project risk, or technology risk assessments.
Conduct on- site security assessments to measure the effectiveness of the third parties current control environment.
Conduct ongoing security assessments to validate appropriate controls are in place.
Document and communicate with business and IT regarding security risks and deficiencies.
In-depth understanding of Payment Card Industry- Data Security Standard (PCI-DSS), and proficiency in applying and National Institute of Standards and Technology (NIST) standards.
Identify and evaluate Qualitative Risk Analysis with the DREAD Model and using the Common Vulnerability Scoring System.
Understand classification (STRIDE) scheme for characterizing known threats according to the kinds of exploit that are used to more efficiently preform security assessment of third party venders.
Work both independently and as part of a team at all levels and across departments.
Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together.
Demonstrate leadership and problem solving skills - Possess advanced interview skills to tailor the types of questions based on responses provided by internal personnel or supplier contacts.
Understand complex business and information technology management processes.
Identify and evaluate technology risks internally and/or at third parties, internal controls that mitigate risks, and related opportunities for internal control improvements.
Develop an understanding of the third parties’ IT control environment and perform basic risk management approaches to evaluate their IT controls.
Actively participate in decision making with third parties and internal company management for mitigating identified deficiencies and seek to understand the broader impact of the decisions made.
Establish and nurture positive working relationships with third parties and service managers with the intention to exceed their expectations.
Assess IT general controls and/or application layer security controls to ascertain whether they comply with organizations policies.
ASTRIUM SERVICES, Afghanistan 02/2013 – 04/2015
Information Technology Services System Administrator
Assisted in the identification of potential security exposures that currently exist or may pose potential threats to NATO networks or systems.
Collaborated and communicate effectively with a diverse set of customers at different levels in the organization.
Monitored security blogs, articles, and reports and remains current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends and recommends ways to incorporates information into processes, procedures, and audit preparedness activities.
Assisted with the Implementation of Security Awareness goals defined as part of organization's strategy; help design and implement programs and activities to achieve those goals.
Assisted with the development, deployment and support of Data Protection solutions and program.
Controlled security by creating users, groups, and access rights for NATO coalition forces to cloud resources.
Identified emerging technologies, products, processes or practices that could contribute to the policy framework.
Checked systems for vulnerabilities or unauthorized privileges. Provided integrity checks.
Developed corporate policies and department procedures to address information security, change management, business continuity, and disaster recovery.
Developed processes for reporting deficiencies and requesting changes to database components or systems and updated trouble tickets with pertinent information.
Identified and managed database security issues through monitoring usage and generating reports.
Designed and tested databases to ensure data consistency and developed database maintenance practices to include availability, performance, resilience, sizing, capacity, housekeeping and backup storage strategy.
Produced and updated standard operating procedures for automated data processes such as SSIS.
Conducted database user and administrator training and provided training to NATO joint forces.
Collected and analyzed statistics for capacity planning and produced server configuration reports.
Performed iisresets and JAVA cash clearing when needed in support of SOAP and asp.net products.
Custom configured XML files for use with varicose.
Maintained a high level of quality of service across 80+ exercises providing detailed and useful reporting to Communications Planners and team members.
Provided consultative architecture, systems management, and troubleshooting support to, Coalition forces in Afghanistan client’s environments running VMware-virtualized OLTP and OLAP SQL workloads, web portals, and data analysis environments.
Performed technical planning, system integration, verification and validation, cost and risk, and supportability and effectiveness analyses for total systems.
COMPUTER SCIENCES CORPORATION, Okinawa, Japan 04/2011 – 03/2013
C4I System Analyst Database Administrator
Managed software teams, participating in the full life-cycle of the development process database administration support for SQL server databases, database support included creating and loading databases, reviewing data models, testing and tuning queries, developing stored procedures, scheduling backups, developing and testing contingency plans, etc. and developing standard operating procedures, monitoring and maintaining database security and database software, and travel to internal and external customer sites for onsite support of customer programs.
Overseen and executed planned infrastructure maintenance activity while minimizing impact to services.
Participated in a periodic on-call rotation to support a 24-hour, seven-day operation.
Scheduled, configured and maintained network security upgrades and daily backups. Performed security audits and disaster recovery tests and helped write and develop HIPAA compliant policies, procedures and audits.
Maintained web records, portal roles, LDAP accounts, active directory, and bookmark groups.
Configured security class upgrade that resulted in 100% error free production implementation.
Developed a series of SLA trend reports for team that decreased resolution time by 50%.
Consulted on strategic direction for architecture and recommended hardware and software implementation to improve quality, efficiency, security, and minimize cost.
Collaborated with developers and system and network administrators to implement secure, reliable database environments on NIPR, SIPR, RIPR and CENTRIX networks.
Directed design, implementation and testing of Microsoft SQL database backup, recovery systems, migration and archiving systems and procedures.
IIIMEF in engineering solutions for disaster recovery, storage, and the continued maintenance of a COOP site for the IIIMEF.
Performed limited LAN administration and provide on-site and remote technical support to customers for the Navy/Marine Corps Intranet (NMCI)
Identified areas at risk following the Microsoft’s threat modeling process for the SharePoint farms databases and applications.
Created maintenance plan schedules for databases, log backups and cleanups while overseeing decommissioning and consolidation of end of life-cycle and maintaining an ongoing inventory of old and new hardware for each location.
Documenting the changes in change management tickets. Assisted an enterprise-wide virtualization effort, overseeing vendor/hardware qualifications, architecture/design, installation, configuration, migration and documentation. Reduced the company’s server hardware footprint by 60% leading to savings in power and cooling.
Provided on-site server support Automated Logistics Management Support System (ALMSS) used by USMC to sustain global depot level logistics for Command and Control, Intelligence, Surveillance and Reconnaissance (C2ISR) programs.
Evaluated and developed tools for operating system, database management system, and network security testing as well as data analysis, incident tracking, and reporting.
Establish, maintain and monitor complete identity management, including authentication, access to systems and data, define specific access to network, files and database management systems. Systems include Active directory and SharePoint farm.
Delivered weekly reporting on server outages and usage to management.
BRTRC, Fairfax, VA 10/2007 – 04/2011
Web Hosting Support Engineer
Collaborated with concerned stakeholders for legal, regulatory, security and compliance updates.
Analyzed business unit compliance with enterprise standards, legal, regulatory and contractual obligations, provide feedback and coaching to business units, and report to the Corporate Risk Council, Executive Management and other stakeholders about the status of compliance across the organization.
Protected vulnerable networks following detailed risk assessments.
Guided cross-functional teams in the design, validation, acceptance testing and implementation of secure, networked communications across remote sites for several key clients.
Supported the design, implementation, operation and maintenance of security applications and tools based upon the established security architecture.
Lead the design and operation of specific compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
Performed access control, incident management, training for property security.
Drafted incident case reports, collected background info and evidence from statements during investigation and uploaded data into proper management information system for proper processing.
Implemented and modified Group Policy for multiple domains to align them to NIST and corporate standards.
Assisted in several HIPPA and security audits to confirm that the account was aligned with state and federal standards.
Managed acquisition, implementation, deployment and ongoing administration of data loss prevention systems.
Developed information security training modules for annual employee completion and lead weekly training sessions for newly hired employees.
Performed daily maintenance and monitoring of anti-malware, vulnerability scanning, web proxies, host and network based intrusion detection systems.
Responded to client security audit questionnaires to detail compliance with contractual requirements and due care of industry best practices and regulations.
Deployed and maintained security monitoring tools including Tripwire, Scriptlogic, SolarWinds, Websense, and IBM VSOC.
Maintained the collection and retention or documentation and execution of remediation plans as agreed to with the IT Management Team.
Identified potential areas where existing data security policies and procedures require change.
Supported security system upgrades and installations; assist with and coordinate installations and changes to automated operations.
Developed ad-hoc reports for management regarding metrics/compliance.
Identified potential areas where risk existed following the Microsoft’s threat modeling process (STRIDE/DREAD).
Created and executed program process to ensure plans are updated and reviewed following NIST 800-34.
Ensured that each standard/supporting policy fully and accurately supports the master policies.
Maintained network security posture through patch maintenance, ensured virus definitions were current, testing of the disaster recovery plan and implemented security policy and virus protection.
Established and maintained documentation of technologies, standards, and in-house operation procedures while ensuring IT enterprise framework aligned with organization goals and procedures.
Conduct analysis of malicious events and known exploits/vulnerabilities for the creation of custom signature rule sets for the accompanying modules, as necessary.
Perform troubleshooting of local and remote installation of HBSS components and deployment of HBSS modules and policies.
Administered change management, uploaded and tracked DIACAP artifacts into eMASS and created Plan of Action and Milestone reports to ensure proper remediation methods.
Oversaw full lifecycle documentation of accreditation process using Department of Defense Information Assurance Certification and Accreditation Processed and Platform IT requests.
Performing VMware crash/error analysis, Root cause Analysis, Coordinate Post Problem Analysis and Trend Analysis.
Managed web services, third party SSL certificates and general server configurations, including patch installation and web server security.
Established, maintained and monitored complete identity management, including authentication, access to systems and data, define specific access to network, files and database management systems. Systems include Active directory, RACF, Exchange 2007, Office Communicator, MCS Oracle, and CISCO VPN.
LANMARK TECHNOLOGY INC, Fairfax, VA 03/2006 – 10/2007
Information Management Analyst
Managed quality assurance of web design projects, including usability, accessibility, testing and debugging, image creation, optimization and section 508 compliancy.
Installed, configured, and updated workstations hardware/software and Windows Operating Systems and all related hardware and manage trouble calls by logging, prioritizing, user follow-up and customer.
MARINE CORPS COMMUNITY SERVICES, Quantico, VA 10/2005 – 03/2006
Web Designer
Established style requirements, guidelines and development standards for projects.
Trained clients in use of applications, internet standards and design with interface design solution.
ABC IMAGING, Washington, DC 08/2005 – 11/2005
Information Technology Technician
Provided end user support for over 1000 users in a LAN/WAN environment.
Managed usernames and passwords in Active Directory, performed regular maintenance and updates on department computers, troubleshooting connectivity and printing problems.
UNITED STATES MARINE CORPS (Honorably Discharged) 02/1993 – 06/2005
Combat Illustrator
Appointed section information Systems Coordinator working in liaison with Camp Foster G6 to maintain a network of 30 section computers and a wide range of software to include MS Office, Adobe CS, and Avid.
Assisted the combat camera chief in supervising, coordinating, administering, and managing combat camera information activities.
EDUCATION
Bachelor of Science, Computer and Information Science, ECPI College of Technology, Manassas VA, 2009
PROFESSIONAL DEVELOPMENT
Certified Information Systems Security Professional, In Progress
Certified, CompTIA Security COMP001020061884
Certified, Microsoft SQL Server D927-3726
United States Marine Corps, Honorably Discharged
Alumni, Phi Theta Kappa Honor Society